In message <4379D670.5060200@ulyssis.org>, Dries Schellekens writes:
>Steven M. Bellovin wrote:
>
>> Per http://news.com.com/VPN+flaw+threatens+Internet+traffic/2100-1002_3-5951
>916.html
>> the good folks at University of Oulu have found flaws in many different 
>> implementations of IKE.  OpenSWAN is one of the affected code bases.  
>> Does anyone know if NetBSD or KAME IKE are vulnerable?  (The test suite 
>> can be downloaded from http://www.ee.oulu.fi/research/ouspg/protos/testing/c
>09/isakmp/
>>  )
>
>It is being looked at by the ipsec-tools people:
>http://sourceforge.net/mailarchive/forum.php?thread_id=8967088&forum_id=32000

Good.
>
>OpenBSD has audited their IKE parsing code early 2004 and thus is not 
>vunerable:
>http://marc.theaimsgroup.com/?l=openbsd-misc&m=113199092403670&w=2
>
I don't believe in audits -- well-crafted tools are much better....

Thanks.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb